
International Journal of Computer Engineering and Applications, Volume XI, Issue IX, September 17, www.ijcea.com ISSN 2321-3469

D. Niranjani and Dr. M. Ganaga Durga 1

ENHANCED DISTRIBUTED SECURITY ARCHITECTURE FOR

AUTHENTICATION AND ATTACK PREVENTION IN 4G NETWORKS

D. Niranjani1 and Dr. M. Ganaga Durga2

1 Research Scholar, Bharathiar University, Coimbatore, Email: [email protected]

2 Research Supervisor, Bharathiar University, Coimbatore, Email: [email protected]

ABSTRACT:

A Fourth Generation (4G) network is a highly advanced wireless network which supports broadband as well as multimedia applications. The increased set of features available at the user terminal also maximizes the security risks. It is susceptible to malicious attacks like corruption of the charge, Distributed Denial of Service (DDoS), etc. Authentication techniques in 4G networks should provide integrity and should also avoid this kind of attack. Hence, to overcome the security problems in the 4G network, an enhanced distributed security architecture for authentication and attack prevention is developed in this paper. In the proposed architecture, the Elliptic Curve Diffie–Hellman (ECDH) protocol is used for authenticating the mobile nodes within the network through hop by hop authentication and neighbor authentication. In order to prevent DDoS attacks, the shared authentication information approach is used.

Keywords: 4G Networks; Authentication; Distributed Security Architecture; Elliptic Curve Diffie–Hellman; Distributed Denial of Service (DDoS).

[1] INTRODUCTION

A. 4G Networks


4G is the fourth generation wireless technology, which is evolving rapidly because of highly favorable features such as broadband performance and support for multimedia applications. 4G provides better data rates than 2G (second generation), 3G (third generation) and 3.5G wireless technology because of the technology and standards it uses. The two technologies competing to attain 4G performance levels are LTE (Long Term Evolution) and WiMAX (Worldwide Interoperability for Microwave Access). 4G networks differ substantially from the preceding network technologies: a 4G network works only on the basis of the TCP/IP network architecture, whereas the preceding technologies do not. Since IP is the most favorable option for networking and data communication in a heterogeneous environment, it makes 4G less expensive than the preceding technologies. This makes 4G technology available and accessible to all types of network vendors [1].

B. Need for Authentication and Attack Detection in 4G networks

4G networks are susceptible to more malicious attacks and threats than the preceding wireless technologies because of their open environment. Hence ensuring network security is a critical requirement in 4G networks [2]. The security mechanisms designed for 4G networks need to be very robust and scalable.

Some of the security constraints of the 4G network are given below:

- Application Security: integrity between the various technical components such as hardware, software, operating system (OS) and data.
- Network Access Security: Confidentiality, Integrity, Authentication and Authorization (CIAA) of the network data.
- User Security: identity of the user, privacy and authorization [3][4].

The increasing security threats and attacks in mobile communications impose the need for authentication of both the mobile subscriber and the network. The authentication technique can identify correct mobile subscribers as well as the mobile network [13]. There are various authentication schemes such as public key based authentication, symmetric key based authentication, mutual authentication, user authentication, handoff authentication and Extensible Authentication [5].

Generally, an authentication procedure adds extra messages to the original message flow, which reduces throughput or increases processing time. Hence mobile nodes face long authentication delays, which affects the goodput. Most existing authentication protocols have been designed for a scenario in which the client device connects directly to a trusted device (e.g., an access point). When applied to a multihop scenario, the duration of the authentication process increases significantly. Reducing the processing time of the authentication procedure is required for a smooth and seamless handover [14].

C. Attacks on 4G Networks

A DoS attack on a network is typically launched by illegitimate users to reduce the capacity of the network or disrupt communication. Similarly, when a 4G network encounters a DoS attack, both its functionality and its overall performance are reduced, causing inconvenience to both the user and the service provider. Hence, detecting DoS attacks and defending the network by taking the necessary countermeasures helps maintain and improve the performance of the application. 4G is a heterogeneous network that consists of technology from GSM to UMTS to WLAN and WiMAX. Each modulation technique faces jamming, which can be the most debilitating form of DoS attack at the physical layer [15].

The current approaches to security in WiMAX systems deploy individualized security solutions. For example, antiviral software is used to defend against worms and viruses, intrusion detection tools guard against scanning and denial-of-service (DoS) attacks, firewalls aim to protect against unwanted connection attempts, and mail filtering tries to foil spam and phishing attempts. Accordingly, most research done today also focuses on improving these individual tools. An important piece missing from the current research is an understanding of the ways in which attackers can collaborate when targeting WiMAX networks. Collaborative attacks are those launched by multiple malicious adversaries that synchronize their activities to accomplish disruption, deception, usurpation and disclosure against some targeted organizations or network entities. Collaborative attacks may cause more devastating impacts since they combine the efforts of many attackers [16].

D. Existing Works and Previous Work

Most of the work related to security in 4G networks concentrates on authentication techniques that avoid possible external attacks like node capture, fabrication and forging attacks. But after the authentication process, some authorized users may turn into malicious attackers, leading to attacks such as those listed in the previous section. Hence there is a need for a complete security architecture which provides both authentication and attack detection.

This paper extends the previous work [12] in which a distributed security architecture was proposed for authentication in 4G networks. In that architecture, the SPAKA protocol [5] is used for the generation of the public keys, which are used for the initial authentication and hop by hop authentication. Hop by hop authentication is performed using Elliptic curve Diffie–Hellman (ECDH) [10]. Along with the user authentication and hop by hop authentication, a neighbor authentication scheme is provided.

Since a 4G network supports numerous wireless network devices, it is prone to more attacks like corruption of the charge, Distributed Denial of Service (DDoS), etc. [5]. This paper proposes an enhanced distributed security architecture for authentication by including an attack prevention module. For attack detection, the shared authentication information (SAI) technique [11] is applied, which uses an authentication token to protect the network from possible DDoS attacks.

[2] RELATED WORKS

Dake He et al. [5] have presented an AKA scheme (SPAKA) based on self-certified public keys for the emerging 4G network, in order to minimize the storage, computational complexity and networking load of conventional public key based authentication techniques for users; the security level of the 3G AKA mechanism is also enhanced. According to the authentication need, three authentication protocols are developed: first-time authentication, re-authentication and handoff authentication.


Tamal Dhar and Chandan Koner [6] have presented a mutual authentication protocol which checks the validity of the subscriber as well as the network based on the subscriber's password and biometric feature. This protocol is a mutual authentication protocol that utilizes the biometric and password for its working.

Mahdy Saedy et al. [7] have presented an M2M (machine-to-machine) communications model on the basis of the 4G cellular system, in order to create ad hoc networks in locations where the terminals are situated close to one another. When adding the critical parameters, a simpler protocol stack is used in order to offer safe communication between M2M devices and the network.

Chan-Kyu Han et al. [8] have developed a mathematical framework which can be utilized to choose the optimal handover key update period to aid the related network operator. The period will be an optimal interval which suits the network management procedures.

Salwa Elramly et al. [9] have proposed a new protocol to improve the safety of Mesh mode on the basis of cryptosystems, and offer methods to safeguard the initial entry of nodes into the network as well as maintain privacy among nodes. Moreover, to provide higher security for the messages and key distribution, this protocol integrates and utilizes the Advanced Encryption Standard and Biometric Digital Key (AES-BDK).

Perumalraja Rengaraju et al. [10] have presented a QoS-aware distributed security architecture based on the elliptic curve Diffie–Hellman (ECDH) protocol. This protocol enhances the security strength and reduces the overhead in 4G systems. The technique lets nodes be authenticated at entry by the home network; later, the node is authenticated by the access node. The bandwidth and computation overhead of this technique are a little greater than the conventional resource usage.

SK Hafizul Islam and G.P. Biswas [18] have proposed a pairing-free ID-2PAKA protocol based on ECC. It helps two users establish a common session key between them over an open network.

Mohammed Ramadan et al. [19] have proposed a secure mutual authentication and key agreement scheme for LTE networks. It uses a designated verifier proxy signature and a key agreement protocol based on bilinear pairing.

[3] ENHANCED DISTRIBUTED SECURITY ARCHITECTURE (EDSA) FOR AUTHENTICATION AND ATTACK PREVENTION

A. Overview

Figures 1 and 2 show the block diagram and flow chart of the proposed EDSA.


Figure 1 Block Diagram of EDSA

Figure 2 Flow chart of steps involved in EDSA

B. Public Key generation based on SPAKA Protocol

The SPAKA protocol [5] is used for the generation of the public keys. This public key is later used for the initial authentication and hop by hop authentication. The public key generation mechanism involves the following steps:

1. The MN receives the public key details of its BS through the broadcast channels. The MN encrypts the data (X), the Id of the base station ( ) and the Id of the MN ( ) with the public key of the BS ( ) and sends it to the BS.

MN → BS: E(X, , , )

2. On receiving it, the BS decrypts to obtain X and validates . Next, the BS responds to the MN by sending , and a time stamp (TS) after encrypting them with the public key of the home equipment ( ).

BS → MN: E( , , TS)


3. On receiving the response from the BS, the MN's HE decrypts it and checks its validity. When the response is verified to be valid, the MN generates its public key . It encrypts it using and sends it to the BS.

MN → BS: E( )

C. Hop by Hop Authentication using ECDH

In this technique, the ECDH protocol is used to authenticate the network nodes such as mobile nodes (MN), base stations (BS), etc. [10]. First, an initial authentication process is carried out to validate the network as a whole. In this process, the BS and MN communicate with each other and a secure tunnel is created between them. After this validation, the UE is authenticated using the key set used in the network. Only if the MN is authenticated will it be considered a valid member of the network.

To perform hop-by-hop authentication, a distributed architecture with relay nodes is established for multihop networks. The steps involved in hop-by-hop authentication are summarized as follows:

1) For multihop connectivity, the relay node RN broadcasts its public key, the ECDH global parameters, its id and the system parameters in the broadcast message.

2) The MN that wishes to join the relay node starts the ranging and connectivity process.

3) If the newly joined node is also an RN, then its parent RN will share the public key of the BS and the ECDH global parameters.

4) The new RN will associate with the BS by sending its public key.

5) Thus a tunnel will be established between the multihop RN and the BS.

This process is illustrated in Figure 3.

Figure-3 Hop by hop authentication using ECDH


Consider Figure-3. It consists of a BS and two MNs, MN1 and MN2, connected to a relay node RN1. RN1 holds the authentication keys of MN1 and MN2, the security association ids of MN1 and MN2 and the public keys of MN1 and MN2:

RN1: AKMN1, SAIDMN1, MN1PK
     AKMN2, SAIDMN2, MN2PK

The BS holds the authentication key of RN1, the security association id of RN1 and the public key of RN1:

BS: AKRN1, SAIDRN1, RN1PK

Suppose MN2 wants to send encrypted data in tunnel mode. First, it encrypts the traffic using the SA-TEK associated with RN1. Then RN1 decrypts the traffic using the SA-TEK and encrypts the data using the BS's public key.

D. Neighbor Authentication Scheme

In this protocol, every MN in the network is known to all the members of the network. This is achieved by the BS broadcasting the new MN's information (MN_ID, etc.) to all the members as soon as the new MN arrives in the network. Based on the recorded information, an MN can link with a neighboring MN after they authenticate each other. This scheme is described in Algorithm 1.

Algorithm 1

1. When a new MN enters a network, the BS of that network broadcasts this information to update all the member MNs.

2. So all the member MNs have the details of the new MN and, similarly, of all the valid nodes in the network.

3. While scanning the channel, if the new MN finds any MN, it checks whether that MN is trustworthy by verifying its MN_ID.

4. If the ID is found to be valid, the new MN sends its public key.

5. Both MNs create uplink and downlink digital signatures and exchange them.

In this way, the neighbor nodes get authenticated.

After the authentication process, all the valid nodes are authenticated. Then the MN and BS engage in data transmission, which will be very efficient because of the higher data security. The QoS of the network will also be high, which makes the network communication very effective.
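The following is an added example, not code from the paper or from any of the referenced works, that models two pieces of Section 3 together: the hop-by-hop ECDH association of Section C (MN2 → RN1 → BS, with RN1 decrypting under the MN2 link key and re-encrypting for the BS) and the membership check of the neighbor authentication scheme in Section D (a node only associates with an MN_ID that the BS has broadcast). Everything below is an assumption for illustration: the curve is the textbook toy y² = x³ + 2x + 2 over F₁₇ with generator (5, 1) of order 19, the link key is SHA-256 of the shared point, and the SA-TEK encryption is replaced by an unauthenticated SHA-256 XOR keystream. The digital signatures exchanged in step 5 of Algorithm 1 are not modeled.

```python
import hashlib
from typing import Dict, Optional, Tuple

# Toy curve y^2 = x^3 + 2x + 2 over F_17, generator (5, 1) of order 19 (textbook
# example, assumed here for illustration; not a production curve).
P, A_COEF = 17, 2
G = (5, 1)
N = 19
Point = Optional[Tuple[int, int]]  # None stands for the point at infinity


def ec_add(p1: Point, p2: Point) -> Point:
    """Affine point addition; covers doubling and the inverse-point case."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A_COEF) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k: int, pt: Point) -> Point:
    """Double-and-add scalar multiplication."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def toy_stream_cipher(key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 keystream; stands in for SA-TEK encryption (toy, unauthenticated)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)


class Node:
    def __init__(self, node_id: str, priv: int) -> None:
        assert 1 <= priv < N
        self.id, self.priv = node_id, priv
        self.pub = ec_mul(priv, G)            # broadcast together with the ECDH parameters
        self.keys: Dict[str, bytes] = {}      # per-neighbour link key (RN1's table in the paper)

    def derive(self, peer: "Node") -> None:
        shared = ec_mul(self.priv, peer.pub)  # priv_self * priv_peer * G, equal on both sides
        self.keys[peer.id] = hashlib.sha256(f"{shared[0]}:{shared[1]}".encode()).digest()


def associate(a: Node, b: Node, registry: set) -> bool:
    """Algorithm 1 steps 3-4: link only with IDs the BS has broadcast, then run ECDH."""
    if a.id not in registry or b.id not in registry:
        return False
    a.derive(b)
    b.derive(a)
    return a.keys[b.id] == b.keys[a.id]


def hop_by_hop_tunnel(payload: bytes) -> Optional[bytes]:
    """MN2 -> RN1 -> BS: RN1 decrypts with the MN2 link key and re-encrypts for the BS."""
    bs, rn1, mn2 = Node("BS", 7), Node("RN1", 11), Node("MN2", 5)   # constructed private keys
    registry = {"BS", "RN1", "MN2"}                                  # constructed MN_ID broadcast
    if not (associate(rn1, bs, registry) and associate(mn2, rn1, registry)):
        return None
    hop1 = toy_stream_cipher(mn2.keys["RN1"], payload)       # MN2 -> RN1
    clear_at_rn = toy_stream_cipher(rn1.keys["MN2"], hop1)    # RN1 decrypts
    hop2 = toy_stream_cipher(rn1.keys["BS"], clear_at_rn)     # RN1 -> BS
    return toy_stream_cipher(bs.keys["RN1"], hop2)            # BS decrypts


if __name__ == "__main__":
    print(hop_by_hop_tunnel(b"ranging payload from MN2"))
```

The point worth seeing is that the relay sees the plaintext at the hop boundary: the tunnel is hop-by-hop, not end-to-end, so a compromised RN is inside the trust boundary, which is exactly why the paper pairs ECDH with per-node authentication and registry checks rather than relying on key agreement alone.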

E. DDoS Attack Prevention using Shared Authentication Information (SAI)

To establish connectivity with a BS, an MN performs ranging through Ranging Request (R_REQ) and Ranging Response (R_RES) messages. The BS allocates the bandwidth for the ranging interval to the MS. Since this process does not involve any authentication or authorization, any MS can request unlimited bandwidth, which raises the possibility of a DDoS attack on the BS.

Mobile WiMAX uses a CMAC to prevent forgery of messages. This CMAC consists of the least significant 64 bits, which carry the CMAC value, and the unused most significant 64 bits. These unused bits are used for Shared Authentication Information (SAI). In the SAI approach, the unnecessary procedures of verifying the CMAC values of the MS and generating the AK at the BS can be skipped, thus reducing the chances of DDoS attacks. This approach uses an authentication token [11] to protect the network from possible DDoS attacks. It is illustrated using the following algorithm, which includes three scenarios:

Algorithm 2

----------------------------------------------------------------
Notation   Definition
----------------------------------------------------------------
D_REQ      De-Registration Request
CMAC       Cipher-based Message Authentication Code
MN         Mobile Node
Q          Paging Controller
Uloc       Location Update
Midle      Idle Mode
R_REQ      Ranging Request
R_RES      Ranging Response
L_REQ      Location update request message
L_RES      Location update response message
L_CON      Location update confirmation message
C_REQ      Context request message
C_RES      Context response message
R          Authenticator
----------------------------------------------------------------

Phase 1

1. When the MN moves to idle status, it computes the CMAC value and extracts the SAI from it.

2. The MN stores the SAI and sends D_REQ to the BS.

MN → BS: D_REQ

3. On receiving D_REQ, the BS verifies the CMAC value. If the CMAC is valid, it extracts and stores the SAI. It then sends the node information request message with the identity of the MN (IDMNi) and the SAI to Q.

BS → Q: REQ[IDMNi | SAI]

Q stores the data and sends the node information response message. This confirms the SAI processing result.

Q → BS: RES

Phase 2

1. When an MN performs a secure location update (Uloc) or re-enters idle status, bandwidth is allocated for ranging and the MN sends an R_REQ message carrying the SAI. The format of R_REQ is shown in the following table.

Table – 1 R_REQ

Type            Length                                  Value
Relevant Type   64 bits (based on security assurance)   high order 64 bits of CMAC value

2. Once the BS receives the R_REQ message, it passes the SAI to Q using an L_REQ message if the ranging is meant for Uloc or re-entering idle status.

BS → Q: L_REQ{SAI}

3. Q verifies the SAI.

a. If the two values are equal, Q requests the context of the MN from R through a C_REQ message.

Q → R: C_REQ{Context}

b. R generates the context and forwards it to Q using a C_RES message.

R → Q: C_RES{Context}

c. If Q and R are the same entity, then C_REQ and C_RES will not be exchanged.

d. Q sends the context back to the BS using an L_RES message.

Q → BS: L_RES{Context}

e. The BS performs the following:

i. Computes the CMAC value of R_REQ with the CMAC key of the MN
ii. Validates it
iii. Sends the R_RES message to the MN if the CMAC is valid.

f. On the other hand, if the two SAI values are not equal, Q informs the BS about the Uloc failure. The BS will then ignore the R_REQ message.

Phase 3:

When an SAI value has been used once, the MN should update it, since the SAI is submitted to Q in clear text. The update happens when the MN re-enters idle status by de-registration.

1. After the secure Uloc, the MN enters idle mode. During this update, the MN and BS exchange R_REQ and R_RES messages.

2. Q validates the SAI of the MN by exchanging L_REQ and L_RES messages with the BS.

3. The BS performs the following:

- Generates the R_RES message
- Updates the SAI using the CMAC value of the R_RES message
- Sends R_RES to the MN
- Transmits L_CON to Q to inform it of the updated SAI.

4. Q and the MN again hold the same new SAI.
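The three phases of Algorithm 2, as an added simulation that is not part of the paper or of reference [11]. The entities MN, BS, Q and R are modelled as small classes that exchange the messages named above; the 128-bit CMAC is replaced by HMAC-SHA256 truncated to 16 bytes (an assumption made so the example runs with the standard library only), and the SAI is taken from the high-order 64 bits of that tag as Table 1 describes. The scenario runs one legitimate MN through Phase 1, two Phase 2 location updates with the Phase 3 refresh in between, and then a burst of constructed R_REQ messages carrying guessed SAI values; the counter `ak_work` records how often the BS had to fetch a context and run a CMAC, which is the cost the SAI check is meant to avoid.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple


def mac128(key: bytes, msg: bytes) -> bytes:
    """128-bit tag; HMAC-SHA256 truncated to 16 bytes stands in for AES-CMAC (assumption)."""
    return hmac.new(key, msg, hashlib.sha256).digest()[:16]


def split_tag(tag: bytes) -> Tuple[bytes, bytes]:
    """Table 1 layout: high-order 64 bits = SAI, low-order 64 bits = CMAC value."""
    return tag[:8], tag[8:]


class Authenticator:                      # R: holds each MN's context (here: its CMAC key)
    def __init__(self) -> None:
        self.context: Dict[bytes, bytes] = {}

    def c_req(self, mn_id: bytes) -> Optional[bytes]:
        return self.context.get(mn_id)


class PagingController:                   # Q: stores SAI per MN, gates context retrieval on a match
    def __init__(self, r: Authenticator) -> None:
        self.r, self.sai = r, {}

    def store(self, mn_id: bytes, sai: bytes) -> None:             # Phase 1
        self.sai[mn_id] = sai

    def l_req(self, mn_id: bytes, sai: bytes) -> Optional[bytes]:  # Phase 2 step 3
        if not hmac.compare_digest(self.sai.get(mn_id, b""), sai):
            return None                                             # Uloc failure reported to BS
        return self.r.c_req(mn_id)                                  # C_REQ / C_RES with R

    def l_con(self, mn_id: bytes, sai: bytes) -> None:             # Phase 3
        self.sai[mn_id] = sai


class BaseStation:
    def __init__(self, q: PagingController) -> None:
        self.q, self.active_keys, self.ak_work = q, {}, 0

    def d_req(self, mn_id: bytes, msg: bytes, tag: bytes) -> bool:
        """Phase 1: verify the CMAC of D_REQ, extract the SAI and forward it to Q."""
        if not hmac.compare_digest(mac128(self.active_keys[mn_id], msg), tag):
            return False
        self.q.store(mn_id, split_tag(tag)[0])
        return True

    def r_req(self, mn_id: bytes, msg: bytes, sai: bytes, tag: bytes) -> Optional[bytes]:
        """Phase 2/3: Q checks the SAI first; only then does the BS fetch the key and run CMAC."""
        key = self.q.l_req(mn_id, sai)
        if key is None:
            return None                   # R_REQ ignored without touching any key material
        self.ak_work += 1
        if not hmac.compare_digest(mac128(key, msg), tag):
            return None
        r_res = b"R_RES|" + mn_id + b"|" + secrets.token_bytes(4)   # fresh response
        self.q.l_con(mn_id, split_tag(mac128(key, r_res))[0])         # L_CON with the new SAI
        return r_res


class MobileNode:
    def __init__(self, mn_id: bytes, key: bytes) -> None:
        self.id, self.key, self.sai = mn_id, key, b""

    def enter_idle(self, bs: BaseStation) -> bool:
        msg = b"D_REQ|" + self.id
        tag = mac128(self.key, msg)
        self.sai = split_tag(tag)[0]                                  # MN stores its SAI
        return bs.d_req(self.id, msg, tag)

    def location_update(self, bs: BaseStation) -> bool:
        msg = b"R_REQ|" + self.id
        r_res = bs.r_req(self.id, msg, self.sai, mac128(self.key, msg))
        if r_res is None:
            return False
        self.sai = split_tag(mac128(self.key, r_res))[0]              # Phase 3 refresh, same as BS
        return True


def run_scenario(bogus_requests: int = 50) -> dict:
    """One legitimate MN, then a burst of R_REQs with guessed SAI values (all constructed)."""
    r = Authenticator()
    q = PagingController(r)
    bs = BaseStation(q)
    key = secrets.token_bytes(16)                 # constructed 128-bit CMAC key
    r.context[b"MN1"] = key
    bs.active_keys[b"MN1"] = key
    mn = MobileNode(b"MN1", key)
    idle_ok = mn.enter_idle(bs)
    first_sai = mn.sai
    updates_ok = mn.location_update(bs) and mn.location_update(bs)
    rejected = sum(bs.r_req(b"MN1", b"R_REQ|MN1", secrets.token_bytes(8), bytes(16)) is None
                   for _ in range(bogus_requests))
    return {"idle_ok": idle_ok, "updates_ok": updates_ok, "sai_refreshed": mn.sai != first_sai,
            "bogus_rejected": rejected, "ak_work": bs.ak_work}
```

Running `run_scenario()` shows `ak_work` staying at 2 however large the burst is: every guessed SAI is rejected at Q before the BS fetches a context or computes a CMAC, while the legitimate MN's second update still succeeds because both sides refreshed the SAI from the R_RES tag. The comparison at Q uses `hmac.compare_digest` because the SAI travels in clear text and is the only thing standing between a flood and the BS's key operations.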

[4] SIMULATION RESULTS

A. Simulation Model and Parameters

To simulate the proposed Distributed Security Architecture for Authentication (DSA) technique, NS-2 [20] is used. In the simulation, a WLAN–LTE heterogeneous network is considered. It consists of 4 base stations, of which 2 are based on LTE and the remaining 2 on WLAN. The base stations BS1 and BS2, marked with an orange circle, belong to the 802.11 WLAN, and the base stations eNB1 and eNB2, marked with a blue circle, belong to the LTE network. Each network contains 5 clients (refer to fig. 3). All nodes have the same transmission range of 250 meters. In this simulation, mobile nodes 3 and 13 perform vertical handoff.


Figure 3 Simulation Topology

The simulation settings and parameters are summarized in Table-2.

No. of Mobile Nodes     20
Area Size               500 X 500
Transmission Range      250m
Simulation Time         50 sec
Traffic Source          CBR
Packet Size             512
Rate                    50, 100, 150, 200 and 250 kb
Number of eNB           2
Number of BS            2
Speed of Mobile node    10 m/s

Table-2 Simulation Settings

B. Security Parameters and Analysis

In NS-2, the Diffie–Hellman algorithm is applied for generating the shared secret, and the necessary changes are made for the authentication and authorization functions. The various security parameters used in the simulation are given below:

Public keys of network nodes: BS = 155, MN0 to MN19 = 597
Private keys: BS = 853, MN0 to MN19 = 855
Shared secrets: Between BS and MN = 810
Size of R_REQ and R_REP messages: 64 bytes
MAC key size: 128 bits
CPU speed: 2.4 GHz
MAC computation overhead: 11.4 s
Transmission overhead: 32 s
Computation overhead without SAI: 106423 cycles
Computation overhead with SAI: 106530 cycles

Attacks Prevented

(i) Ranging Attacks: Since the R_REQ and R_REP messages are encrypted, intermediate nodes are unable to manipulate the message within a short period. Hence attacks during the ranging periods are avoided.

(ii) Handoff Attacks: Since the messages are encrypted using ECDH, security threats related to handover are overcome.

(iii) Multi hop Attacks: Since mutual authentication takes place between the joining MN and the BS, rogue nodes can be detected by the joining node.

C. Performance Metrics

(i) Authentication Delay

The total authentication delay (Dauth) is composed of three delay elements: the processing, transmission and propagation delays:

Dauth = Dproc + Dtrans + Dprop   (1)

The transmission delay, Dtrans, is the delay experienced while transmitting an EAP message. The processing delay, Dproc, is the delay experienced by each node while processing a message; cryptographic operations and key generation account for most of the processing delay. Dprop is the one-way propagation delay between the UE and the AP.

(ii) Bandwidth Cost

To evaluate the bandwidth consumption of re-authentication, the sizes of all transaction messages between the different network entities in one round of an authentication session are summed:

BWcost = Σ_{j=1}^{m} Sizeof(REQ/REP msg_j)   (2)

(iii) Authentication Success Ratio

The Authentication Success Ratio (ACR) is given by

ACR = no_suc_auth / auth_att   (3)

where no_suc_auth and auth_att are the total number of successful authentications and the total number of authentication attempts, respectively.

D. Comparison with Individual Techniques

In the first experiment, the proposed EDSA is compared with the individual techniques SPAKA [5] and Shared Authentication Information (SAI) [11].

E. Varying Handoff Attempts

In handoff scenario-1, the number of handoff attempts is increased from 1 to 5, in which nodes MN8 and MN9 from BS1 of the WLAN network hand off to eNB1 of the LTE network. Similarly, MN7 and MN4 from eNB2 of the LTE network hand off to BS2 of the WLAN network. Then MN15 from BS2 of the WLAN network hands off to eNB2 of the LTE network.

Figures 3, 4 and 5 show the results of authentication delay, bandwidth cost and authentication success ratio for all 3 approaches when the number of handoff attempts is increased.

(i) Authentication Delay

Figure 3 Authentication Delay for varying Handoff Attempts


The authentication delay increases as the handoff attempts increase. From figure 3, it can be seen that EDSA has 33% and 20% less authentication delay than SPAKA and SAI, respectively, because of its fast re-authentication process.

(ii) Bandwidth Cost

Figure 4 Bandwidth Cost for varying Handoff Attempts

Similar to the authentication delay, the bandwidth cost also increases as the handoff attempts increase. But EDSA has exactly 33% lower cost than SPAKA and 14% lower cost than SAI because of the load aware handoff technique, as seen from Figure 4.

(iii) Authentication Success Ratio

Figure 5 Authentication Success ratio for varying Handoff Attempts


Figure 5 shows the authentication success ratio of all 3 techniques. It can be seen that the success ratio of EDSA is 4% higher than SPAKA and 3% higher than SAI, because of the trust aware handoff technique.

Effect of Attack Prevention

In order to show the effect of attack prevention by EDSA using SAI, the percentage of affected nodes is measured for the EDSA, SPAKA and ECDH schemes.

(iv) Percentage of Affected Nodes

Figure 6 Percentage of affected nodes for varying Handoff Attempts

Figure 6 shows the percentage of affected nodes for all 3 techniques. It can be seen that the affected nodes of EDSA are 12% fewer than SPAKA and 43% fewer than ECDH, since these two techniques do not contain any attack prevention modules.

F. Varying Mobile Speed

In handoff scenario-2, the speed of the mobile nodes MN9 and MN4 during handoff is varied from 5 m/s to 25 m/s.

Figures 7, 8 and 9 show the results of authentication delay, bandwidth cost and authentication success ratio for all 3 approaches when the mobile speed is increased.

(i) Authentication Delay


Figure 7 Authentication Delay for varying Speed

(ii) Bandwidth Cost

Figure 8 Bandwidth Cost for varying Speed

Both the delay and the bandwidth cost increase as the mobile speed increases. From Figure 7, it can be seen that EDSA has 20% and 8% lower authentication delay than SPAKA and SAI, respectively, because of the fast re-authentication process. From Figure 8, it can be seen that EDSA has 57% lower cost than SPAKA and 24% lower cost than SAI because of the load-aware handoff technique.

(iii) Authentication Success Ratio


Figure 9 Success ratio for varying Speed

Figure 9 shows the authentication success ratio of all three techniques. The success ratio of EDSA is 5% higher than SPAKA and 3% higher than SAI.

Effect of Attack Prevention

To show the effect of the SAI-based attack prevention in EDSA under varying speed, the percentage of affected nodes is again measured for the EDSA, SPAKA and EDCH schemes.

(iv) Percentage of Affected Nodes

Figure 10 Percentage of affected nodes for varying Speed

Figure 10 shows the percentage of affected nodes for all three techniques. The percentage of affected nodes for EDSA is 11% lower than SPAKA and 38% lower than EDCH, since these two techniques do not possess any attack prevention module.


[5] CONCLUSION

In this paper, an enhanced distributed security architecture for authentication and attack prevention in 4G networks has been developed. First, the ECDH protocol is used to create a secure link between nodes in the insecure network: the MN generates its private and public keys and uses them to communicate with the BS, and based on the outcome of this exchange a secure tunnel is created between the MN and the BS. Next, hop-by-hop authentication validates the MN in the network, so that every MN in the network is classified as either trustworthy or malicious. Whenever a new MN enters the network, the BS first communicates with it and then broadcasts the new MN's information in the network, so that all MNs record the new MN's details and authenticate it. To prevent DDoS attacks, the shared authentication information approach is used.
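The MN/BS key agreement step summarised above, as an added worked example that is not code from the paper: a pure-Python ECDH over the secp256k1 curve, with the shared secret turned into a tunnel key by an HMAC-based extract-and-expand step bound to both public keys. The curve choice, the key-derivation construction and the message names (MN_HELLO, BS_HELLO) are assumptions for illustration; the paper does not fix them. The example also shows the one check a practitioner must not skip when implementing ECDH by hand: rejecting a peer public key that is not a point on the curve. Note that raw ECDH by itself does not tell the BS who the MN is; in the architecture that binding comes from the hop-by-hop and neighbour authentication steps, and a production system would use a vetted library rather than hand-written curve arithmetic.

```python
# Added example (not from the paper): MN <-> BS ECDH key agreement and
# tunnel-key derivation. Curve (secp256k1), KDF construction and message
# names are assumptions for illustration.
import hashlib
import hmac
import secrets

# secp256k1 domain parameters: y^2 = x^3 + 7 over F_p, generator G of order N
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
# The point at infinity is represented as None.


def on_curve(pt):
    """True if pt is an affine point on secp256k1 (cofactor 1, so this is the
    whole public-key validation: any on-curve point has order N)."""
    if pt is None:
        return False
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - x * x * x - 7) % P == 0


def _add(p1, p2):
    """Affine point addition/doubling."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                      # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def _mul(k, point):
    """Double-and-add scalar multiplication k * point."""
    result, addend = None, point
    while k:
        if k & 1:
            result = _add(result, addend)
        addend = _add(addend, addend)
        k >>= 1
    return result


def keygen():
    """Private scalar d in [1, N-1] and public point d*G (done by MN and BS)."""
    d = secrets.randbelow(N - 1) + 1
    return d, _mul(d, G)


def shared_secret(own_priv, peer_pub):
    """ECDH: x-coordinate of own_priv * peer_pub, after validating peer_pub.
    Raises ValueError for an off-curve point (invalid-curve attack defence)."""
    if not on_curve(peer_pub):
        raise ValueError("peer public key is not a valid point on the curve")
    return _mul(own_priv, peer_pub)[0].to_bytes(32, "big")


def _enc(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")


def tunnel_key(secret, mn_pub, bs_pub):
    """HKDF-style extract-then-expand (HMAC-SHA256) bound to both public keys,
    so both sides only agree if they saw the same MN_HELLO/BS_HELLO."""
    prk = hmac.new(b"\x00" * 32, secret, hashlib.sha256).digest()
    info = b"EDSA-tunnel" + _enc(mn_pub) + _enc(bs_pub)   # assumed label
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()


def mn_bs_exchange():
    """Run the exchange over the insecure link and return (K_mn, K_bs)."""
    mn_priv, mn_pub = keygen()           # MN creates its key pair
    bs_priv, bs_pub = keygen()           # BS creates its key pair
    # MN -> BS: MN_HELLO(mn_pub);  BS -> MN: BS_HELLO(bs_pub)
    k_mn = tunnel_key(shared_secret(mn_priv, bs_pub), mn_pub, bs_pub)
    k_bs = tunnel_key(shared_secret(bs_priv, mn_pub), mn_pub, bs_pub)
    return k_mn, k_bs


def rejects_invalid_point():
    """(1, 2) is not on secp256k1; a correct implementation must refuse it."""
    d, _ = keygen()
    try:
        shared_secret(d, (1, 2))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    k_mn, k_bs = mn_bs_exchange()
    print("tunnel keys match:", k_mn == k_bs, k_mn.hex()[:16] + "...")
    print("off-curve public key rejected:", rejects_invalid_point())
```

Both sides derive the same 32-byte tunnel key only if they used the same pair of public keys, which is why the key derivation takes the transcript as input rather than the bare shared secret.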
